From 4d78ba9900e0fb2ad3ba20c472255b01dadf4572 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 1 Sep 2019 17:15:06 +0300
Subject: [PATCH] EAP-TEAP peer: Clear Phase 2 EAP method on new Identity
 exchange

This is needed to allow clean transition from one inner EAP
authentication method to another one if EAP method negotiation is needed
within Phase 2.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/eap_peer/eap_teap.c | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/src/eap_peer/eap_teap.c b/src/eap_peer/eap_teap.c
index 06665b9ef..f751fbec3 100644
--- a/src/eap_peer/eap_teap.c
+++ b/src/eap_peer/eap_teap.c
@@ -378,6 +378,22 @@ static int eap_teap_select_phase2_method(struct eap_teap_data *data,
 }
 
 
+static void eap_teap_deinit_inner_eap(struct eap_sm *sm,
+				      struct eap_teap_data *data)
+{
+	if (!data->phase2_priv || !data->phase2_method)
+		return;
+
+	wpa_printf(MSG_DEBUG,
+		   "EAP-TEAP: Phase 2 EAP sequence - deinitialize previous method");
+	data->phase2_method->deinit(sm, data->phase2_priv);
+	data->phase2_method = NULL;
+	data->phase2_priv = NULL;
+	data->phase2_type.vendor = EAP_VENDOR_IETF;
+	data->phase2_type.method = EAP_TYPE_NONE;
+}
+
+
 static int eap_teap_phase2_request(struct eap_sm *sm,
 				   struct eap_teap_data *data,
 				   struct eap_method_ret *ret,
@@ -413,21 +429,15 @@ static int eap_teap_phase2_request(struct eap_sm *sm,
 	wpa_printf(MSG_DEBUG, "EAP-TEAP: Phase 2 Request: type=%u:%u",
 		   vendor, method);
 	if (vendor == EAP_VENDOR_IETF && method == EAP_TYPE_IDENTITY) {
+		eap_teap_deinit_inner_eap(sm, data);
 		*resp = eap_sm_buildIdentity(sm, hdr->identifier, 1);
 		return 0;
 	}
 
 	if (data->phase2_priv && data->phase2_method &&
 	    (vendor != data->phase2_type.vendor ||
-	     method != data->phase2_type.method)) {
-		wpa_printf(MSG_DEBUG,
-			   "EAP-TEAP: Phase 2 EAP sequence - deinitialize previous method");
-		data->phase2_method->deinit(sm, data->phase2_priv);
-		data->phase2_method = NULL;
-		data->phase2_priv = NULL;
-		data->phase2_type.vendor = EAP_VENDOR_IETF;
-		data->phase2_type.method = EAP_TYPE_NONE;
-	}
+	     method != data->phase2_type.method))
+		eap_teap_deinit_inner_eap(sm, data);
 
 	if (data->phase2_type.vendor == EAP_VENDOR_IETF &&
 	    data->phase2_type.method == EAP_TYPE_NONE &&
-- 
2.47.2